Authenticating products

ABSTRACT

A method of authenticating products includes receiving a description of detectable features read from a package. The package includes two or more detectable features, and the detectable features are affixed on the package based on encoded information. Authentication information is provided based on a comparison of the received description to one or more stored package identifiers.

BACKGROUND

Products sold to customers are often sent through a series ofintermediate points between the original source, such as a manufacturer,and the customers, who may buy the products from a retailer. Productsmay include food items, pharmaceutical drugs or other products,including products of manufacture. These products may be sold to acustomer through a grocery store, a pharmacy, a department store orother type of retailer.

Counterfeited products may enter the supply chain to the customer at anynumber of different points in the supply chain. For example, awholesaler may receive counterfeit goods which it passes on to aretailer, or directly to the customer.

Because of the possibility of spoofing, wherein a counterfeiter copiesthe packaging of the product, manufacturers attempt to prevent entry ofcounterfeit products into the marketplace by protecting the packages.Manufacturers can make it difficult for counterfeiters to copy or spoofthe packaging on their products. Some approaches that manufacturers haveused include using holograms or three dimensional printing on packages.For example, a hologram of a company's logo is placed on a package so acustomer buying the product knows that the product is from the companyand is not counterfeit. These approaches provide some deterrence.However, counterfeiting (due to its high margin and willingness of somecounterfeiters to “invest” in new technologies) has become verysophisticated so that it is has become difficult for manufacturers toprovide product packaging that cannot be replicated by counterfeiters ofthe product.

SUMMARY OF THE INVENTION

A process for authenticating products is described. A description ofdetectable features read from a package is received. The packageincludes two or more detectable features, and the detectable featuresare affixed on the package based on encoded information. Authenticationinformation is provided based on a comparison of the receiveddescription to one or more stored package identifiers.

BRIEF DESCRIPTION OF THE DRAWINGS

Features of the present invention will become apparent to those skilledin the art from the following description with reference to the figures,in which:

FIG. 1 illustrates an example of an authentication system.

FIG. 2 illustrates an example of a supply chain in which anauthentication system may be used.

FIG. 3A illustrates data flow within an embodiment of an authenticationsystem.

FIG. 3B illustrates data flow of authentication user system.

FIG. 4A illustrates an example of a package identifier.

FIG. 4B illustrates an example of a package including detectablefeatures.

FIG. 5 illustrates an example of a method of authenticating a package.

FIG. 6 illustrates an example of a method of checking authenticity of apackage.

FIG. 7 is a block diagram illustrating a computer system operable toperform the method depicted in FIGS. 5 and 6.

DETAILED DESCRIPTION OF THE INVENTION

For simplicity and illustrative purposes, the principles of theembodiments are described by referring mainly to examples thereof. Inthe following description, numerous specific details are set forth inorder to provide a thorough understanding of the embodiments. It will beapparent however, to one of ordinary skill in the art, that theembodiments may be practiced without limitation to these specificdetails. In other instances, well known methods and structures have notbeen described in detail so as not to unnecessarily obscure theembodiments.

A system for authenticating packages is described. Identificationinformation may be encoded and affixed to the package as detectablefeatures. As used in this specification, “package” may refer to anindividual container, a carton or a pallet or any type of receptacle forproducts on which identification information may be stored.

The term “affixed” to the package refers to anything that is integral topackage in some way. For example, each detectable feature may beembedded within or on the surface of the package. The detectable featuremay also be permanently or semi-permanently attached to the packageduring manufacture or shortly thereafter using adhesive or mechanicalmethods. The detectable feature may also be printed on the package.

The term “detectable” feature includes any feature that is overt,visible, observable or viewable by the unaided human senses, or usingsome type of reader. For example, a detectable feature may include afeature that is observable by the human eye, a feature that is sensedthrough touch, such as Braille, or a feature that is detected by adevice, such as a scanner, barcode reader, or a RFID tag reader.

In one embodiment, a user may authenticate a package by providing adescription of detectable features of a package to a server system. Theserver system may compare the received description to descriptionsstored in a database at the server system or at a database connected tothe server system. If the received description matches a descriptionstored in the database, the server system sends a message to the userindicating that the package is authentic. If the received descriptiondoes not match any of the descriptions stored in the database, theserver system sends a message to the user indicating that the package isnot authentic.

FIG. 1 illustrates a simplified example of a system 100 through whichpackaging of a product may be authenticated. The system 100 may includea network 110, a server system 120 and a user system 130. The serversystem 120 and the user system 130 may include any type of computersystem, such as the computer system described with reference to FIG. 7.The server system 120 may include a network interface including softwareand/or hardware, serving software (not shown) for communicating withother systems connected to the server system 120 through the network110. The server system 120 may also include a database 122 storinginformation with which the server system 120 may authenticate packages.The network 110 may include any type of network, including a LAN, a WAN,the Internet, etc.

In the system 100, a user system 130 may send package informationregarding features of a package to be authenticated to a server system120 via the network 110. The package information may be input into theuser system 120 by using some type of a reader, manually typinginformation, etc. A reader may include any type of a reader for readinginformation, including any type of scanner (such as a bar code scanner),a radio frequency identification (“RFID”) tag reader, etc.

The user system 130 may submit the package information to the serversystem 120 through a website administered by the server system 120. Theserver system 120 compares the received information to informationstored in a database 122. The server system 120 transmits a messageindicating that the package is authentic or informing the user system130 that the package may not be authentic via the network 110. Themessage transmitted by the server system 120 may include a message sentto the user's browser or an email or other type of message.

The system 100 may be used to authenticate any type of product at anypoint of a supply chain, from the manufacturer to the customer. As anexample, FIG. 2 illustrates a pharmaceutical supply chain and use of theauthentication system in FIG. 1 in the pharmaceutical supply chain. Itwill be apparent that the authentication system can be used in supplychains for many product types.

FIG. 2 illustrates a simplified example of a supply chain 200 for thesale of pharmaceutical (“pharma”) products. As shown in FIG. 2, rawmaterials 210 are received by a pharma manufacturing facility (“PMF”)212. The PMF 212 sends the manufactured pharma products to a wholesaler214 or a repackager/wholesaler 218. The wholesaler 214 may sell thepharma products to institutions 222, such as hospitals, nursing homes orhospices, or pharmacies 224, which sell the pharma products toindividual users 230. The wholesaler 214 may also send some of itsreceived pharma products to the repackager/wholesaler 218.

The repackager/wholesaler 218 may sell the pharma products toclosed-door pharmacies 226. The closed-door pharmacies 226 sell thepharma products to institutions 222, such as hospitals, nursing homes orhospices. The PMF 212 may also directly provide pharma products to theclosed-door pharmacies 226.

Problems with counterfeit goods may arise within a network of secondarywholesalers 216. Some of the pharma products received by therepackager/wholesalers 218 or closed-door pharmacies 226 may end up atthe secondary wholesalers 216, who may sell the pharma products athighly discounted prices to pharmacies 224. The secondary wholesalers216 may sell some of the pharma products to the wholesalers 214.

Due to the number of entities handling the pharma products as theyprogress through the supply chain, pharmacies 224 and institutions 222may receive counterfeit pharma products. For example, secondarywholesalers 216 may receive counterfeit products, which the secondarywholesalers 217 may sell to pharmacies 224 or wholesalers 214,introducing the counterfeit products into the supply chain. Counterfeitpharma products may include pharma products that have been reimportedinto the country from abroad [also known as “diversion”], pharmaproducts that have expired (but the expiry dates have been changed onthe packaging), or pharma products not manufactured by the PMF 212 thatare packaged in packaging designed to spoof the packaging of actualpharma products. Other examples include packages on which the markingindicating the concentration/amount of active reagent has been altered,or counterfeit materiel that is placed in previous opened but restoredpackaging.

The authentication system 100 in FIG. 1 may be used in the supply chain200 to authenticate pharma products produced by the PMF 212. The serversystem 120 used to authenticate the pharma products may be administeredby the PMF 212 or administered by an agent of the PMF 212. The usersystem 130 may be located at any of the other locations in the supplychain 200, including the institution 222, the pharmacies 224,closed-door pharmacies 226, the wholesaler(s) 214,repackager/wholesaler(s) 218, secondary wholesaler(s) 216, or individualuser 230. Also, the user system 130 may be located at any point outsideof the supply chain where authentication is desired.

FIG. 3A illustrates a simplified example of data flow in a system 300for authenticating products, including, but not limited to, pharmaproducts. The system 300 may include a coding module 310, an encryptionmodule 320, an affixing module 330 and an authentication module 340. Thecoding module 310, the encryption module 320 and the affixing module 330may be located at the PMF 212 shown in FIG. 2. The authentication module340 may be located at the PMF 212 or at an agent of the PMF 212. Theauthentication module 340 may be part of the server system 120 shown inFIG. 1.

At the coding module 310, the system 300 may generate a product key 315derived from a product code 305 for each package. A product code mayinclude any number that may identify a package, such as a lot number forthe product or a unique number stored in a RFID tag. A product code canalso be in the bar code or other RSS, reduced space symbology, the SKU,or stock-keeping unit. A product key can be any combination of thesecodes and/or hash/giest of these codes. As described above, a packagemay include a container, a carton or a pallet, where a carton includes20-30 containers and a pallet includes about 500 or more cartons. Acontainer may include a box or a bottle or any other type of receptacleor container for goods.

At the encryption module 320, the system 300 may encrypt the product keywith an encryption key 317. The encryption key 317 may include amanufacturer key or a product line key. A manufacturer key may include akey that is assigned to a specific manufacturer for encryptinginformation for all of the packages for the manufacturer's products. Aproduct line key may include a key that is specific to a product line ofa manufacturer for encrypting information for all of the packages forthe product line.

The encrypted product key 325 may be stored as a package identifier in adatabase 122 of a server system 130, shown in FIG. 1, for comparisonduring an authentication process. In some embodiments, informationstored in a RFID tag is used in the encryption process. For example,since RFID may include 96 bits, this gives 2^96 combinations for theRFID tag information. A subsample of these 96 bits may be used forencrypting the product key.

At the affixing module 330, the system 300 translates the results of theencryption process into detectable features, and affixes the detectablefeatures on the package. For example, the encryption process in theencryption module 320 may produce an encrypted product key 325 thatincludes a bit stream. At the affixing module 330, the system 300 may beprovided with a series of questions with which each package is to beauthenticated. At the affixing module 330, the system 300 may align thequestions with parts of the bit stream so that a part of the bit streamcorresponds to each question. Thus, each part of a bit streamcorresponding to a question may be translated by the printing module toan answer to the question. The answers to the questions are affixed onthe package as detectable features on the package 335 at the affixingmodule 330. An example of a bit stream and corresponding detectablefeatures are described with reference to FIG. 4A and FIG. 4B, below.

The authentication module 340, for example provided at the server system120, receives identification information 347 from a user system 130, asshown in FIG. 3B. The identification information 347 may include a lotnumber or other unique identifier read from the package visually orelectronically, such as using some type of a reader. The identificationinformation 347 may also include responses to a series of questionspresented to the user system 130 by the authentication module 340. Insome embodiments, these questions can be made to carry from one lot tothe next, so that spoofing of the system is made much more difficult.The user system 130 may submit the identification information 347 to theauthentication module through a website. The website may be administeredby the server system 120.

The authentication module 340 compares the received identificationinformation to the stored encrypted product key 325. The authenticationmodule 340 may also translate the responses to an authenticationidentifier that is similar in form to the stored encrypted productkey(s) 325. For example, if the answer to a question is “yes,” the partof the authentication identifier (stored separately from the package andaccessed as described above) corresponding to the answer to the questionmay be set to “1” while if the answer to the question is “no,” the partof authentication the identifier corresponding to the answer to thequestion may be set to “0.” The authentication identifier may becompared to the stored encrypted product key 325 to determine whetherthe authentication identifier represents an authentic package. Theauthentication module 340 then transmits a message to the user system130 indicating whether the package is authentic or not authentic.

FIG. 4A shows an example of an encrypted product key 325 in the form ofa bit stream 400 produced by the encryption module 320. The bit stream400 includes data representing answers to a series of questionsregarding detectable features of a package to be authenticated. Forexample, the series of questions may include a question asking if thereis a watermark on the label. The first section 402 of the bit stream,such as the first bit, may be set to be the answer to this question. Asshown in FIG. 4, the first section 402 contains a value of “0.” Thus,this indicates that a watermark or some other type of detectable mark(such as a printed image) should not be printed on the label.

Similarly, a second section 404 may represent, for example, color codingof the background of the ingredients list of the package. A thirdsection may represent, for example, a number “Y” printed inside the capof the bottle.

FIG. 4B illustrates an example of a package 420 having the detectablefeatures derived from the bit stream 400 placed upon it. For example,the label 412 does not have a watermark as indicated in the firstsection 402 of the bit stream 400. A list of ingredients 414 includesthe color coding derived from the second section 404 of the bit stream.The cap 416 includes the number “Y” derived from the third section 406of the bit stream 400. The package 420 may also include a RFID tag 418storing authentication data that may be read by the user system 130 andauthenticated by the server system 120.

The RFID tag 418 uses radio frequency technology to transmit informationstored in the RFID tag 418. For example, the RFID tag 418 may include anintegrated circuit and an antenna. The RFID tag 418 preferably includesa passive RFID tag (not using an internal power source such as abattery). However, an active RFID tag (using an internal power source,such as a battery) may be used. The RFID tag 418 may be read by a RFIDreader (not shown). The RFID reader may generate a magnetic field forinterrogating the tag 418 using an antenna, which may include aninductive element. The magnetic field induces an energizing signal forpowering the tag 418 via the antenna. When powered the RFID tag 418generates a signal which may include information associated with thepackage 420. The signal is modulated using a know modulation scheme andtransmitted to the RFID reader.

The RFID tag 418 may be read or written to from distances of up to 20feet, and is not required to be in the line of sight of the RFID readerto be read. The RFID tag may be affixed onto the package 420 prior to,during, or after a process of printing information on the material usedto form the package 420 or on material affixed to the package 420. TheRFID tag can also be extricated from a series of RFID tagssimultaneously polled from a pallet or other set of multiple RFID taggedunits.

FIG. 5 is a flow diagram illustrating an embodiment of a method ofauthenticating a package 420. The server system 120, as shown in FIG. 1,receives a description of the package from a user 230, shown in FIG. 2,at step 510. The server system 120 may receive the description, forexample, through an authentication website. The user 230 may provide thedescription of the package from a user system 130 to the authenticationmodule 340. In one embodiment, the user system 130 may transmit thedescription of the package over the network 110.

The description includes a description of detectable features 335 of thepackage, as described with respect to FIG. 3A. The detectable features335 may be affixed on the package 420 based on encoded information. Asdiscussed above with respect to FIGS. 3A, 3B, 4A and 4B, the encodedinformation may be derived from a unique product code 305 for thepackage 410. In one example, the product code 305 may include a lotnumber or a unique number store in the RFID tag 418. The RFID tag mayalso store numbers separate from the product code. For example, the RFIDtag may include encrypted information.

The detectable features 335 may include any feature that may be printedor placed on the package. The detectable features 335 may be printedusing variable data printing, where printing is varied per package basedon data in the bit stream 400. Variations in the detectable features 335may include one or more of a number placed somewhere on the package,variation in appearance of various features of the package, watermarksplaced on the package, and placing various patterns or images on thepackage, colors, information stored in a RFID tag, etc.

Variations in appearance may include variations in color coding,resolution, line thickness, spacing, curvature, length, scale, number ofline crossings, and so on. The number of line crossings may include thenumber of lines crossed by another line. The variations in appearancemay also include the “warped” alphanumerics used for users to sign upfor web-based lists, services etc., so that machines cannotautomatically answer these questions and so on. The variations inappearance may be applied to an ingredients list or other words on thepackage such as using variable colored characters or different fontsizes in text. Variations may be applied to a test target, such as astandard Macbeth color target, by printing a uniform hue rectangulartarget using differences in hue. Variations in test targets may alsoinclude variations in modulation transfer function (“MTF”) patterns byprinting MTF pattern sets with different low-resolution andhigh-resolution targets. Line thickness, spacing, percentage of colorsin test targets may also be varied.

The description may include a description of the detectable features 335affixed to the package 410. For example, the description may include aunique identification (“unique ID”) such as a lot number, anidentification number printed on the package, a name of the product, ora combination of any of the preceding. The description may also includeanswers to a series of questions or requests for answers from the serversystem 120. The series of questions may include questions regardingdetectable features of the package 420 that is to be authenticated. Forexample, the questions may include questions regarding color coding,resolution, thickness, spacing, font size, patterns, watermarks, testtargets, images, and/or numbers on the package. In some embodiments, thedescription received may include a scan of a RFID tag.

The server system 120 provides authentication information to the usersystem 130 based on comparison of the description received to storedpackage identifiers at step 520. Providing the authenticationinformation may include providing an authentication message to the usersystem. The server system 120 may transmit the authentication message tothe user system 130 over the network 110. In one embodiment, the serversystem 120 may provide an authentication message 345 based on acomparison of the received identification information 347 and storedpackage identifiers. The stored package identifiers may include, forexample, encrypted product keys 325.

If the received identification information matches a stored packageidentifier, the server system 120 may provide a message to the usersystem 130 indicating that the received identification information 347represents an authentic package. If the received identificationinformation 347 does not match a stored package identifier, the serversystem 120 may provide a message to the user system 130 indicating thatthe received identification information does not represent an authenticpackage. The authentication message 345 may include an email or amessage displayed on a web page viewable in a web browser of the usersystem 130, where the web page is part of a website administered by theserver system 120.

The server system 120 may also purge package identifiers from thedatabase 122 for packages including products which have expired. Theserver system 120 may purge each package identifier at the date ofexpiry of the product in the package to ensure that expired products arenot authenticated by the server system 120. Expiry may also be reportedto the user and recorded, since this gives a (different) clue to thetype of counterfeiting involved than multiple authentication.

The server system 120 may also determine whether the package has alreadybeen authenticated. For example, the server system 120 may keep track ofthe number of times and/or by whom or what entity (such as “customer” or“pharmacist” or “warehouse”) the package 410, as shown in FIG. 4B, hasbeen authenticated. The server system 120 may also purge packageidentifiers if they have been authenticated by a customer. For example,the package identifiers authenticated by the customer may be purged fromthe list of “authentic, still to be authenticated” packages. Informationthat has already been “authenticated” may be reported and recorded,since it would provide a different type of counterfeiting provenancethan expiry, described above.

FIG. 6 is an embodiment of checking authenticity of a package. The usersystem 130, as shown in FIG. 1, provides a unique ID for a package 410,as shown in FIG. 4B, to a server system 130 to check authenticity of thepackage 410 at step 610. In one example, the user system 130 may submitthe unique ID to the server system 120 through an authentication websiteadministered by the server system 120. The unique ID may include anumber printed on the package 420, a lot number for the package 420, ora combination of detectable identification found on the package 420which a user 230, as shown in FIG. 2, may read and provide to theauthentication website.

At step 620, the user system 130 provides information regardingdetectable features of the package 410 to the server system 120.Detectable features may include detectable features such as thedetectable features 412, 414, 416 shown in FIG. 4. The user 230 mayprovide descriptions of the detectable features 412, 414, 416 inresponse to a series of questions received from the authenticationwebsite.

The series of questions received from the authentication website mayinclude questions regarding the detectable features of the package 420.The detectable features may include any feature that may be affixed onthe package. The detectable features may be printed using variable dataprinting, where printing is varied per package based on data in the bitstream 400. Variations in the detectable features may include one ormore of a number placed somewhere on the package, variation inappearance of various features of the package, watermarks placed on thepackage, and placing various patterns or images on the package, and soon.

Variations in appearance may include variations in color coding,resolution, line thickness, spacing, curvature, length, scale, number ofline crossings, “warped” alphanumerics and so on. The variations inappearance may be applied to an ingredients list or other words on thepackage such as using variable colored characters or different fontsizes in text. Variations may be applied to a test target, such as astandard Macbeth color target, by printing a uniform hue rectangulartarget using differences in hue. Variations in test targets may alsoinclude variations in modulation transfer function (“MTF”) patterns byprinting MTF pattern sets with different low-resolution andhigh-resolution targets. Line thickness, spacing, percentage of colorsin test targets may also be varied.

The series of questions may include questions listed together on aweb-based form or questions presented to the user 230 individually (oneat a time). In some embodiments, each question that is presentedindividually to the user 230 may be dependent on a response transmittedby the user to a previous question. Depending on design, the response(s)by the user may be entered onto a blank line, selected from a drop downlist, or selected from two or more radio buttons.

At step 620, the user 230 receives authentication information based onthe unique ID of the package 420 and information regarding thedetectable features of the package 420. For example, the user mayreceive an authentication message based on the transmitted unique ID andtransmitted descriptions of the detectable features. If the combinationof the transmitted unique ID and transmitted descriptions of thedetectable features matches a stored package identifier, the user 230may receive a message indicating that the combination of the transmittedunique ID and transmitted descriptions of the detectable featuresrepresents an authentic package. If the combination of the transmittedunique ID and transmitted descriptions of the detectable features doesnot match a stored package identifier, the user 230 may receive amessage indicating that the combination of the transmitted unique ID andtransmitted descriptions of the detectable features does not representan authentic package.

The authentication message may include an email or a message displayedon a web page viewable in a web browser of the user system 130, wherethe web page is part of the authentication website administered by theserver system 120.

FIG. 7 illustrates an embodiment of a computer system 700 operable tocontrol the package authentication process described with respect to themethods 500 and 600. In this respect, the computer system 700 may beused as a platform for executing one or more of the functions describedhereinabove with respect to the various steps outlined in the methods500 and 600.

The computer system 700 includes one or more controllers, such as aprocessor 702. The processor 702 may be used to execute some or all ofthe steps described in the methods 500 and 600. Commands and data fromthe processor 702 are communicated over a communication bus 704. Thecomputer system 700 also includes a main memory 706, such as a randomaccess memory (RAM), where a program code may be executed duringruntime, and a secondary memory 708. The secondary memory 708 includes,for example, one or more hard disk drives 710 and/or a removable storagedrive 712, representing a floppy diskette drive, a magnetic tape drive,a compact disk drive, etc., where a copy of the program code for themethod 400 may be stored.

The removable storage drive 712 reads from and/or writes to a removablestorage unit 714 in a well-known manner. User input and output devicesmay include a keyboard 716, a mouse 718, and a display 720. A displayadaptor 722 may interface with the communication bus 704 and the display720 and may receive display data from the processor 702 and convert thedisplay data into display commands for the display 720. In addition, theprocessor 702 may communicate over a network, for instance, theInternet, LAN, etc., through a network adaptor 724.

It will be apparent to one of ordinary skill in the art that other knownelectronic components may be added or substituted in the computer system700. In addition, the computer system 700 may include a system board orblade used in a rack in a data center, a conventional “white box” serveror computing device, etc. Also, one or more of the components in FIG. 7may be optional (for instance, user input devices, secondary memory,etc.).

What has been described and illustrated herein is an embodiment alongwith some of its variations. The terms, descriptions and figures usedherein are set forth by way of illustration only and are not meant aslimitations. Those skilled in the art will recognize that manyvariations are possible within the spirit and scope of the subjectmatter, which is intended to be defined by the following claims—andtheir equivalents—in which all terms are meant in their broadestreasonable sense unless otherwise indicated.

1. A method of authenticating products, the method comprising: receivinga description of detectable features read from a package including twoor more detectable features, wherein the detectable features aredetermined from encoded information associated with a product in thepackage and a series of questions regarding the package, and thedetectable features are affixed to the package after being determined;and providing authentication information based on a comparison of thereceived description to one or more stored package identifiers.
 2. Themethod of claim 1, further comprising: comparing the receiveddescription to the one or more stored package identifiers.
 3. The methodof claim 1, wherein receiving a description of one or more of thedetectable features comprises receiving input transmitted from a readingdevice.
 4. The method of claim 3, wherein receiving input from a readingdevice comprises receiving radio frequency identification (“RFID”) taginformation from the reading device.
 5. The method of claim 1, furthercomprising affixing the detectable features on the package based on theencoded information.
 6. The method of claim 1, wherein receiving adescription of the package comprises a unique identification (“uniqueID”) associated with the package.
 7. The method of claim 6, wherein theunique ID comprises at least one of a lot number, an identificationnumber printed on the package, RFID tag information and a name of theproduct.
 8. The method of claim 1, further comprising: providing one ormore questions of the series of questions regarding the detectablefeatures, wherein at least a portion of the received description isreceived in response to the one or more questions.
 9. The method ofclaim 1, wherein providing the authentication message comprisesproviding a message indicating that the package is authentic if thereceived description matches one of the one or more stored packageidentifiers.
 10. The method of claim 1, wherein providing theauthentication message comprises providing a message indicating that thepackage may not be authentic if the received description does not matchone of the one or more stored package identifiers.
 11. The method ofclaim 1, further comprising removing at least one of the one or morestored package identifiers from a database in response to passing anexpiration date associated with the at least one of the one or morestored package identifiers.
 12. The method of claim 1 furthercomprising: generating a product key derived from a product code for thepackage; and encrypting the product key with one of a manufacturer keyor a product line key to generate the encoded information.
 13. Themethod of claim 12, wherein encrypting the product key produces a bitstream, and the method further comprises: translating the bit streaminto answers to the series of questions regarding the package, thedetectable features corresponding to the answers to the series ofquestions.
 14. A method of authenticating a package, the methodcomprising: providing an unique ID of a package to a website; providinginformation regarding one or more detectable features of the package tothe website, wherein the detectable features are determined from encodedinformation associated with a product in the package and a series ofquestions regarding the package, and the detectable features are affixedto the package after being determined; and receiving authenticationinformation from the website regarding authenticity of the package. 15.The method of claim 14, wherein the unique ID comprises at least one ofa lot number, an identification number printed on the package, RFID taginformation and a name of the product.
 16. The method of claim 14,wherein providing the information regarding the one or more detectablefeatures comprises providing the information regarding the one or moredetectable features in response to the series of questions received fromthe website.
 17. A system for authenticating packages, the systemcomprising: an affixing module configured to affix detectable featureson a package based on encoded information; an authentication moduleconfigured to receive a description of one or more of the detectablefeatures and transmit authentication information based on a comparisonof the received description to one or more stored package identifiers;an encoding module configured to generate a product key derived from aproducer code for the package; and an encryption module configured toencrypt the product key with one of a manufacturer key or a product linekey to produce a bit stream, wherein the affixing module is furtherconfigured to translate the bit stream into answers to a series ofquestions regarding the package, the detectable features correspondingto the answers to the series of questions.
 18. A computer readablestorage medium on which is embedded one or more computer programs, saidone or more computer programs implementing a method of authenticatingproducts, said one or more computer programs comprising a set ofinstructions for: receiving a description of detectable features readfrom a package, wherein the detectable features are determined fromencoded information associated with a product in the package and aseries of questions regarding the package, and the detectable featuresare affixed to the package after being determined; and providingauthentication information based on a comparison of the receiveddescription to one or more stored package identifiers.
 19. A computerreadable storage medium on which is embedded one or more computerprograms, said one or more computer programs implementing a method ofauthenticating products, said one or more computer programs comprising aset of instructions for: providing a unique ID of a package to awebsite; providing information regarding one or more detectable featuresof the package to the website, wherein the detectable features aredetermined from encoded information associated with a product in thepackage and a series of questions regarding the package, and thedetectable features are affixed to the package after being determined;and receiving authentication information from the website regardingauthenticity of the package.
 20. A system for authenticating a package,the system comprising: means for receiving a description of detectablefeatures read from a package, wherein the detectable features aredetermined from encoded information associated with a product in thepackage and a series of questions regarding the package, and thedetectable features are affixed to the package after being determined;and means for providing authentication information based on a comparisonof the received description to one or more stored package identifiers.